Threat Report 12/10/24
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Chrome prior to 122.0.6261.94/.95 for Windows
Chrome prior to 122.0.6261.94 for Mac and Linux
Risk
Remediation Recommendations
References
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html
Multiple Vulnerabilities in Apple Products Could Allow for Privilege Escalation
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for privilege escalation. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Versions prior to iOS 17.4 and iPadOS 17.4
iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Versions prior to iOS 16.7.6 and iPadOS 16.7.6
iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
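Both the Chrome and the Apple advisories above are expressed as "versions prior to X", and the Apple one has two separately patched branches (17.4 for current devices, 16.7.6 for the older ones). The script below is an added example, not part of the advisory or of any vendor tooling, that turns those thresholds into a fleet triage check. It assumes a constructed inventory of hostname, product and version (the hostnames are invented for illustration) and takes only the fixed builds from this page; it compares versions numerically rather than as strings, pads short versions so 17.4 equals 17.4.0, and judges each device against the fix for its own major-version branch.

```python
"""Version-threshold triage for the 'versions prior to X' advisories above (added example)."""
import re

# Fixed builds taken from the advisory text on this page.
CHROME_FIXED = ["122.0.6261.94"]   # Windows also shipped .95; both are >= .94, so one threshold suffices
APPLE_FIXED = ["17.4", "16.7.6"]   # two supported branches, each with its own fixed release


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '122.0.6261.94' into (122, 0, 6261, 94) so comparison is numeric, not lexical
    ('16.7.10' must sort after '16.7.6', which a plain string compare gets wrong)."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def version_lt(a: tuple[int, ...], b: tuple[int, ...]) -> bool:
    """Strict 'prior to', padding the shorter tuple with zeros so 17.4 == 17.4.0."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def assess(installed: str, fixed_versions: list[str]) -> str:
    """Classify an installed version against the advisory's fixed builds.

    Returns 'patched', 'vulnerable' or 'unknown'. Branches are keyed on the major
    version: an installed 16.7.5 is judged against the 16.x fix, not the 17.x one.
    """
    inst = parse_version(installed)
    fixed = sorted(parse_version(f) for f in fixed_versions)
    same_branch = [f for f in fixed if f[0] == inst[0]]
    if same_branch:
        return "vulnerable" if version_lt(inst, same_branch[0]) else "patched"
    if version_lt(inst, fixed[0]):
        return "vulnerable"   # older than every fixed line (e.g. Chrome 121.x)
    if not version_lt(inst, fixed[-1]):
        return "patched"      # a newer major than any listed fix (e.g. Chrome 123.x)
    return "unknown"          # a major between two fixed branches; advisory does not cover it


def triage(inventory: dict[str, tuple[str, str]]) -> dict[str, str]:
    """Map host -> status for an inventory of (product, version) pairs."""
    thresholds = {"chrome": CHROME_FIXED, "ios": APPLE_FIXED, "ipados": APPLE_FIXED}
    return {host: assess(version, thresholds[product])
            for host, (product, version) in inventory.items()}


# Constructed sample inventory (hostnames invented); versions chosen to cover the edge cases.
SAMPLE_INVENTORY = {
    "win-01": ("chrome", "122.0.6261.95"),   # Windows build listed as fixed
    "mac-02": ("chrome", "122.0.6261.69"),   # same branch, below the fix
    "lin-03": ("chrome", "121.0.6167.184"),  # older major, no branch match
    "iphone-04": ("ios", "16.7.6"),          # legacy branch, exactly the fixed build
    "ipad-05": ("ipados", "17.3.1"),         # current branch, one release behind
    "iphone-06": ("ios", "16.7.10"),         # numeric compare: .10 is newer than .6
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:10} {status}")
```

The branch-aware rule matters for Apple: a device that cannot run iOS 17 is fully patched at 16.7.6 and must not be flagged simply because 16.7.6 is lower than 17.4. For Chrome there is a single line, so anything below 122.0.6261.94 on any platform is unpatched regardless of OS.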
Risk
Remediation Recommendations
References
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
Affected Systems:
Risk
Remediation Recommendations
References
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Risk
Remediation Recommendations
References
Change Healthcare Ransomware Attack
UnitedHealth Group confirmed on February 29th that the cyberattack sustained by Change Healthcare on February 21st was a ransomware attack by the BlackCat/ALPHV gang. BleepingComputer reports that BlackCat on February 27th claimed to have stolen six terabytes of data from Change Healthcare and its partners, including medical and dental records, insurance records, payment data, claims information, patients' PII, and PII of active U.S. military and Navy personnel. The Record notes that the gang has since removed the post.
Then, on March 1st, BlackCat/ALPHV received a payment of 350 Bitcoin (approximately $22 million), as reported by WIRED. The Register says UnitedHealth Group declined to say whether it paid the ransom.
The Register also notes that ALPHV may be pulling an exit scam with the $22 million: Recorded Future researcher Dmitry Smilyanets says someone claiming to be the affiliate behind the Change Healthcare attack posted on an underground forum that ALPHV suspended their account and then "emptied the wallet and took all the money."
The Washington Post has published a summary of the impacts of the Change Healthcare attack. Molly Smith, group vice president for public policy at the American Hospital Association, stated, "Our assessment is that this is the most significant attack on the health-care system in U.S. history."